
Wireshark display filter for mandiant report

PRACTICAL MALWARE ANALYSIS
Kris Kendall, 2007

WHY PERFORM MALWARE ANALYSIS?

What are some of the reasons that one might want to invest the (sometimes significant) resources required to effectively analyze malware? Imagine that you are in the unenviable position of finding some unknown, running, and potentially malicious executable program on an important server. In this situation, some very important questions can be answered, and usually can only be answered, by conducting malware analysis.

Malware analysis can be conducted with a variety of goals in mind. By extending a common definition of the word analysis, we define malware analysis as the action of taking malware apart to study it. Some of the common reasons that you might want to analyze a malicious program include:

To assess damage from an intrusion
To discover and catalogue indicators of compromise that will reveal other machines that have been affected by the same malware or intruders
To determine the sophistication level of the malware author
To identify the vulnerability that was exploited to allow the malware to get there in the first place
To identify the intruder or insider that is responsible for installing the malware
To learn and have fun!

While you are studying the malware, your purpose is to discover the answers to questions about the malware. These questions can be broken down into business questions and technical questions. Some of the most common business questions answered by malware analysis are:

3. Who is targeting us and how good are they?
How do I prevent this from happening in the future?

Answers to these business questions are usually revealed by combining and synthesizing details revealed by asking purely technical questions, such as:

1. What are the network-based indicators that reveal the presence and activity of the malware?
2. What are the host-based indicators that reveal the presence and activity of the malware?
3. Is the malware persistent? If so, what mechanism does it use to ensure that it keeps running after a machine is rebooted?
4. When was the program written, compiled, and installed?
5. Is the program based on any other well-known tool?
6. What language was used to write the program?